tried to use local system user but it does not have previledges to access the network. will the Network Service accound do the trick? , if now , what user it is recomended to use?
thanks!!
A:
This link describes the differences.
The LocalSystem account should have more than enough privileges to access the network. If you cannot access the network with this account, I would check with your system administrator to what other issues may be preventing this.
And yes, the NetworkService account should allow network access as well, but it's set of privileges are not as extensive as the LocalSystem account.
If you can choose between the two, lean toward the NetworkService account. Exposing a service to the network that has system privileges can be a dangerous thing to do, especially if you allow external users to interact with your service. And regardless of what account you choose, make sure you validate the data your service receives.
Matt Davis
2009-02-05 23:56:21
A:
If you're on a domain (and I suppose you'd have to be to run a cluster), see if you can configure the rights you need with a domain user. That's the safest way to go, since you can give the user the lowest privileges it needs to do its job. With with LocalSystem or NetworkService, you risk giving the user too much access, and as Matt mentioned, a malicious user who interacts with your service can cause trouble.
You can sanitize your input in an attempt to prevent problems, but if you miss even a single potential attack, you're at risk. If you can configure a dedicated proxy domain account to do it, that's ideal.
rwmnau
2009-07-07 20:27:38